All errata/sisyphus/ALT-PU-2020-2888-1
ALT-PU-2020-2888-1

Package update kernel-image-mp in branch sisyphus

Version5.8.12-alt1
Task#258878
Published2020-09-29
Max severityHIGH
Severity:

Closed issues (9)

BDU:2020-05656
MEDIUM4.1

Уязвимость rbd-драйвера операционной системы Linux, позволяющая нарушителю повысить свои привилегии

Published: 2020-12-15Modified: 2024-06-18
CVSS 3.xMEDIUM 4.1
CVSS:3.x/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
CVSS 2.0LOW 3.8
CVSS:2.0/AV:L/AC:H/Au:S/C:N/I:C/A:N
References
BDU:2021-00106
HIGH7.2

Уязвимость модуля HDLC_PPP ядра операционной системы Linux, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-01-14Modified: 2022-10-17
CVSS 3.xHIGH 7.2
CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:C
References
BDU:2021-01953
MEDIUM5.5

Уязвимость функции kvm_io_bus_unregister_dev (virt/kvm/kvm_main.c) ядра операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2021-04-08Modified: 2025-01-29
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
References
BDU:2021-03291
MEDIUM5.9

Уязвимость подсистемы vgacon ядра операционной системы Linux, позволяющая нарушителю оказать воздействие на доступность защищаемой информации

Published: 2021-06-30Modified: 2024-12-05
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVSS 2.0LOW 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P
References
CVE-2020-14314
MEDIUM5.5

A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.

Published: 2020-09-15Modified: 2024-11-21
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2020-25284
MEDIUM4.1

The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.

Published: 2020-09-13Modified: 2024-11-21
CVSS 2.0LOW 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.xMEDIUM 4.1
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
References
CVE-2020-25643
HIGH7.2

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published: 2020-10-06Modified: 2024-11-21
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:C
CVSS 3.xHIGH 7.2
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
CVE-2020-28097
MEDIUM5.9

The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.

Published: 2021-06-24Modified: 2024-11-21
CVSS 2.0LOW 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
References
CVE-2020-36312
MEDIUM5.5

An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.

Published: 2021-04-07Modified: 2024-11-21
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References